Web cookies are useful for lots of reasons mostly related to keeping websites informed of users’ preferences. For example, thanks to cookies, users don’t have to pick their city of choice every time they visit a weather update site. Thanks cookies. Cookies also tell ad serving companies (like Google AdWords) sites you’ve visited and serve you tailored ads, and are responsible for the Mr Porter ad for those rather spiffy loafers following us all over the internet.
For the most part, cookies don’t contain personal information meaning website operators needn’t worry about falling foul of the various obligations around the collection, use and disclosure of that information under the Privacy Act.
Those obligations are mostly contained within Australian Privacy Principles 3, 5 and 6 regarding the collection, notification of collection and use and disclosure of personal information. If cookies are collecting personal information, then:
Individuals must be notified of that collection; and
That information must be handled in accordance with the Australian Privacy Principles.
The Privacy Commissioner has power to impose penalties of up to $1.7 million for breaches of the Privacy Act, so now is a good time to check what kind of cookies you’ve been baking.